Full Abstract

Welcome! If you're new to NANOG, or if you're an experienced attendee and just feel like hanging out, this orientation session and reception are for you. Join us to meet other newcomers as well as members of the NANOG Steering Committee, Program Committee, and List-admin team. We'll demystify the goings-on at NANOG, and also tell you a bit about the birth of the organization way back in the mists of time. We'll meet from 3:30-5:00 p.m. on Sunday, June 5. Light refreshments will be served—and be sure to join us immediately after the reception for the Community Meeting at 5:00 p.m. Opening Remarks and Welcome - Steve Feldman, CNET NANOG History - Bill Norton, Equinix Merit Overview - Betty Burke, Merit Network Inc.

Speakers
Moderator - Steve Feldman, CNET
Panelist - Betty Burke, Merit Network Inc.
Panelist - Bill Norton, Equinix

Full Abstract

• What subjects might interest the members but are not at the meeting because the talks were rejected by the PC
  
  
• Should the PC keep and publish minutes? With what content? - shows and no-shows - who is active in recruiting talks
  
  
• Transparency in PC review process, should the reviews be signed as opposed to anonymous?
  
  
• Should PC members be assigned to shepherd talks to help authors tune their talks earlier in the development process?
  
  
• What should the mid- long-term direction of NANOG be?
  
  
• How should we deal with attendees from the press - Attendance fee - Photography
  
  
• Two or three meetings a year?
  
  
• ML AUP change

  8. Challenge/response sender whitelisting software which requires interaction by any party to validate a post to the NANOG mailing list as non-spam shall be treated by the list administration team like any other condition that generates a bounce message. Subscribers with software (such as but not limited to TMDA) that is (mis) configured in this fashion are subject to removal from the list without notice, and are welcome to resubscribe at such time as their software is fixed.

Speakers
Moderator - Randy Bush, IIJ
Panelist - Betty Burke, Merit Network
Panelist - Steve Feldman, CNET
Panelist - Rob Seastrom, ClueTrust

Full Abstract

This tutorial introduces service providers to some advanced BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP, and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and policy options available through the use of local preference, MED, and communities. The tutorial then describes deployment techniques, including aggregation, announcing and receiving prefixes, and some of the newer features available.

Speakers
Philip Smith, Cisco Systems
Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent five years at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe. Philip is co-author of Cisco ISP Essentials, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.

Full Abstract

The 2006 U.S. Peering Ecosystem is forecasting some turbulence over the next few years, and we will use this Peering BOF to explore some of these issues. Here are some of the ideas that the community has asked to discuss. We'll try something a bit different this time as well, recruiting a few brave souls to polish their crystal ball and project what they think the Internet Peering Ecosystem will look like in the year 2010. This exercise will hopefully be insightful, interesting, outlandish, or maybe way wrong. In any case, it will certainly help spur discussion among the members of this community. We'll take a look at the transit survey results from the last BOF, if they are available. Peering disclosure has re-emerged as an issue as customers increasingly are interested in ISPs' current and future peering relationships as a proxy for connectivity quality. This leads to the question, are there better metrics for this? We will have a couple people discuss an emerging trend in video distribution that may result in peered traffic that dwarfs today's peered Internet traffic. These are some of the discussions this BOF will facilitate. As usual, we will use the leftover time at the end of the BOF to allow new folks to introduce themselves to the community to facilitate peering discussions leading into the break.

Speakers
Bill Norton, Equinix
Bill Norton is Co-Founder and Chief Technical Liaison for Equinix. He focuses on research on large-scale interconnection and ISP peering, and in particular, scaling Internet operations using optical networking. Bill has published and presented his research in a variety of international forums. From 1987 to 1998, he served in several staff and managerial roles at Merit Network, directing national and international network research and operations activities and serving as NANOG coordinator. Bill received a B.A. in Computer Science and an M.B.A. from the Business School at the University of Michigan, and has been an active member of the Internet Engineering Task Force for the past 15 years.

Full Abstract

The explosion in network security and monitoring solutions has created challenges for operators who need secure access to network traffic in order to enable security and monitoring assets. Operators are looking for ways they can obtain high-visibility access to network traffic without affecting the security and integrity of their enterprise networks. Finding solutions that maintain link uptime, prevent packet loss and latency, avoid new points of failure, and provide flexibility and scalability is critical to successful network security and monitoring. This tutorial covers connectivity options that address these increasingly common issues. Participants will learn best practices for connecting their Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), probes, and analyzers to critical network links. Section 1: During the first half of the tutorial, participants receive an introduction to various methods of accessing network traffic, including hubs, network taps, and switch SPAN ports. The advantages and disadvantages of each will be presented. The various types of taps and their application in the network infrastructure will be presented along with diagrams of typical installations. Section 2: The second half of the tutorial covers various methods operators can use to increase the reach, efficiency, and value of their existing investments in network security and monitoring solutions. Participants learn how port and link aggregation solves connectivity and coverage challenges. Concurrent monitoring of a single link and connectivity flexibility are applications relevant to regeneration taps and matrix switches. An explanation of common link aggregator and matrix switch deployments will include both inline and SPAN applications.

Speakers
Joy Weber, Net Optics

Full Abstract

Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customer, worms, BOTNETs, and attacks on the ISP's infrastructure are now one of many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISP's to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face syncup meeting for the NSP-SEC forum. AGENDA Probing Open Recursive Name Servers John Kristoff Analyzing the results of remote open recursive name server probes. We look at the effectiveness of different probing techniques against different sets of data including reflectors used in recent attacks, other known open recursives and a large set of DNS server queriers. Some of the who and what are open will be briefly examined as as well as some unexpected responses to our probes that may invite further analysis. Infrastructure Security Survey Results Craig Labovitz Does Web 2.0 = Security 0.0? Roland Dobbins 'Web 2.0' hosted applications are going mainstream; recent events have highlighted the fact that not only enterprises, but millions of small businesses, SOHO users, and individuals who depend upon these applications are adversely impacted when disruptive network events occur. However, there has to date been little or no engagement between the traditional computer security community, the operational security community, and the developers/providers of these applications. What can be done - and what *should* be done, and by whom - to help integrate 'Web 2.0' application providers into the operational security community? What role, if any, should nsp-sec play? Email question for discussion from Monika Machado What tools are used by network operators for event correlation and aggregation and how effective are these tools for trending, analysis and reacting to incidents? Open MIC/Discussion

Speakers
Roland Dobbins, Cisco Systems
Danny McPherson, Arbor Networks

Full Abstract

In the last several months there have been a number of significant DDoS attacks using open recursive DNS servers to reflect and amplify the attack. In the last several weeks these attacks have begun to be picked up by the media. This presentation looks at the anatomy of these attacks from the victim point of view, as well as from the reflector point of view. The presentation looks at a specific attack, breaks down the traffic, what filtering does and doesn't work, as well as the challenges of each. The presentation also looks at data collected from a participating reflector, and extrapolates out the data to estimate the size and number of attacks that have been seen. Also extrapolated out in the presentation is the potential size of the attack if 500,000 open DNS servers were to be used.

Speakers
Frank Scalzo, Verisign

Full Abstract

We study the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent (in time) each spamming host is, botnet spamming characteristics, and techniques for harvesting email addresses. This presentation studies these questions by analyzing an 18-month trace of over 10 million spam messages collected at one Internet "spam sinkhole," and by correlating these messages with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet "command and control" traces. We find that a small, yet non-negligible, amount of spam is received from IP addresses that correspond to short-lived BGP routes, typically for hijacked addresses. Most spam was received from a few regions of IP address space. Spammers appear to make use of transient "bots" that send only a few pieces of email over the course of a few minutes at most. These patterns suggest that developing algorithms to identify botnet membership, filtering email messages based on network-level properties (which are less variable than an email's contents), and improving the security of the Internet routing infrastructure may be prove extremely effective for combating spam.

Speakers
Nick Feamster, Georgia Tech University
Anirudh Ramachandran, Georgia Tech University

Full Abstract

It is no secret that DDoS is a growing problem and can cost companies millions of dollars. Anyone from mom and pop shops to large corporations to even ISPs can become the target of DDoS for the purpose of extortion, revenge, censorship, or a vareity of other reasons. However, no matter the motivation, DDoS is a crime, and a crime that is notoriously difficult to prosecute for. No definitive guide exists on how to collect information, what information to get, or even the proper authorities to contact. This presentation will outline how and what information to collect, who to give it to, and raise some important questions about how to deal with DDoS effectively within our community.

Speakers
Anna Claiborne, Prolexic Technologies
Director of Systems Development, Prolexic Technologies Ms. Claiborne is a founding employee of Prolexic Technologies and has served as Sr. Programmer, Operations Manager and Director of Systems Development since its 2003 inception. She wrote much of the original code base powering Prolexic's infrastructure, played a key role in mitigating hundreds of Distributed Denial of Service attacks, and helped to pioneer the growth and development of the company. Prior to Prolexic, she was a Programming Team Leader with Tower Records and a Network Engineer with Place Savings Bank. Ms. Claiborne has extensive knowledge of network security technology, operating systems, software development, network architecture, and database design. She also holds a degree in Genetic Engineering from the University of California Davis.

Full Abstract

The US is getting ready to start an End User ENUM trial. The Country Code 1 ENUM LLC is the company that was formed by the industry to obtain the CC1 delegation and to oversee both the trial as well as the commercial launch of ENUM. The US trial is set to test End User ENUM within the parameters established by the US government. This presentation provides an overview of the CC1 ENUM LLC’s role, delves into the US ENUM trial activities, and provides an outline of what is planned for the US ENUM commercial launch sometime in 2007.

Speakers
Karen Mulberry, Neustar
Sr. Director, Distinguished Member of the Technical Staff at Neustar Inc. is the founder and former Chairman of the CC1 ENUM LLC responsible for obtaining the Country Code 1 ENUM delegation. Karen previously worked at MCI on domestic and international numbering, naming and addressing issues, standards and policies, such as such as ITU Study Group 2, US ENUM Forum, INC, North American Portability Management LLC, and the FCC’s North American Numbering Council. She has been in the telecommunications industry for over 18 years and holds a BS from the University of San Francisco and an MBA from the University of Phoenix.

Full Abstract

The colocation and IDC industry is hot right now - literally. As data centers fill up, power and cooling capacity are exhausted before the space runs out. Why is this happening? Who is to blame? What can we do about it? And, most importantly, what does the future hold for the data center, in a world where blade servers use enough electricity to power a small town, and routers put out more BTUs than a pizza oven? Moderator Daniel Golding brings together vendors and data center operators to hash out one of the most "electrifying" issues facing the Internet industry.

Speakers
Moderator - Dan Golding, Tier1 Research
Daniel Golding is vice president of Tier 1 Research, specializing in the data center, colocation, and internet infrastructure industries. Prior to joining Tier 1, he was a senior analyst with the Burton Group, as well as Peering Manager for America Online. Daniel has briefed the FCC on Internet policy issues and is a frequent speaker at industry events, including the North American Network Operator's Group (NANOG) and the Global Peering Forum. Daniel holds a BS from Auburn University and an MS from George Mason University, both in engineering.

Panelist - Michael Laudon, Force10 Networks
Michael Laudon has over 12 years of network hardware design experience and is Director of Engineering, Hardware at Force10 Networks. He is responsible for the hardware design aspects of the E-Series switch/router platform. Mike previously held system architecture and line card development positions at Force10. Before joining Force10, Mike founded Sundance Technology where he designed Gigabit Ethernet MACs and PHYs, and previously worked in engineering roles at Cypress Semiconductor. Mike has an MSEE degree from the University of Wisconsin, Madison.

Panelist - Jay Park, Equinix.
Panelist - Rob Snevely, Sun Microsystems
Rob Snevely is an Enterprise Architect at Sun Microsystems and is the author of the book "Enterprise Data Center Design & Methodology." He has nearly 20 years experience working with large scale UNIX systems and is responsible for data center architecture for all of the Enterprise Technology Centers at Sun. Since coming to work for Sun in 1990 as a systems administrator, he has been involved with network and system performance and large-scale system engineering. His liberal arts background in theatre & art history augment his practical and pragmatic methods for designing data centers.

Josh Snowhorn, Terremark Worldwide, Inc.
With more than 6 years experience in the telecommunications industry, Mr. Snowhorn is currently a Director and the Peering Coordinator at Terremark Worldwide, Inc., a leading operator of Internet exchange points (IX) from which it provides colocation, interconnection and managed services to the government and commercial sectors. Mr. Snowhorn is responsible for all issues related to peering including facilitation of network interconnectivity between North and South America.

David Tsiang, Cisco Systems
Currently a Distinguished Engineer in the Service Provider Routing Technology (SPRTG) group. Worked on the AGS+, 7000/7500, GSR and CRS1 in the roles of hardware architecture and ASIC design. Currently managing the SPRTG architecture group at Cisco covering all service provider platforms including GSR and CRS1. Before Cisco worked at IBM on mainframe communications controllers and ROLM designing PBX's.

Brad Turner, Juniper Networks
Brian Young, Switch and Data
Brian Young is a solution engineer at Switch and Data LLC. He has over 15 years of Telecommunications and IT experience covering sales, data centers and engineering. His background allows him to assesss customer needs for technical and business proposals and develops solutions that solve real customer problems. Mr. Young holds a bachelor's in Electrical Engineering and a MBA in quantitative analysis from St. John's University.

Full Abstract

Speakers
Steve Feldman, CNET

Full Abstract

SNDS, what it does and why, where it's going, and solicitation of participant feedback. I am a Development Manager for Microsoft at Hotmail in Silicon Valley. One of the things my team does is design and build the mail and anti-spam systems for Hotmail. We did a project almost year ago now called Smart Network Data Services (http://postmaster.msn.com/snds) which gives anyone who can prove they own a given IP range the data that we produce as part of our mail delivery and anti-spam operations. My personal motivation for building this system was to provide ISPs a free tool which can be used to detect, measure, and hopefully resolve abuse problems within their network. We're now working on some major revisions to the system, which I think will make it a lot more useful and effective to this community.

Speakers
Eliot Gillum, Microsoft
Eliot Gillum is the Dev Manager for MSN Hotmail / Windows Live Mail Platform team. He joined Microsoft in 1999 as a Software Design Engineer and spent about 18 months in the Windows group, including Networking QoS, before moving to Hotmail. Prior to that he worked as a developer and architect for a various small companies and organizations in diverse areas from computational clustering and signal processing to multimedia. He holds a BS in Computer Science from Cornell.

Full Abstract

Speakers
Vince Fuller, Cisco Systems
Vince Fuller has been involved in global Internet operations, engineering, and architecture for 18 years, having worked for a series of local, regional, national, and international ISPs from 1988 through 2001. Most recently, he has been employed by Cisco Systems as a technical consultant to service provider customers, focusing on scaling issues of very large IP networks.

Jason Schiller, UUNET/Verizon

Full Abstract

Speakers
Rick Wesson

Full Abstract

Speakers
Mikael Abrahamsson

Full Abstract

Speakers
Alex Pilosov

Full Abstract

Speakers
Mohit Lad

Full Abstract

Speakers
Martin Hannigan

Full Abstract

Speakers
Anton Kapela

Full Abstract

Anycast is widely used in DNS root server deployments to improve resiliency, spread load and reduce latency. However, its effects on performance have not been studied in depth. We describe methodologies to determine the performance of anycast DNS service both from the client and the server side and to determine the benefit of each node in the anycast cloud. We use the methodologies to provide results on the performance of the K-root server, showing that anycast is effective in reducing latency and that its effects are largely constant over time. We also evaluate the benefit of the global nodes in the anycast cloud, showing that with the exception of the Delhi node, all nodes provide benefit to clients. Finally, we briefly examine the impact of client instance switches, showing that they do not present a serious problem in the current K-root deployment.

Speakers
Lorenzo Colitti, RIPE NCC

Full Abstract

There seems to be a widespread belief that gets propogated on various mailing lists that TCP over anycast is very very scary, and needs to be avoided at all costs. We'd like to share our operational experience showing that TCP over anycast isn't inherently unstable, and can be an exellent tool for increasing performance and/or availability in WAN services. Hopefully the presentation will be slightly interactive (how many people know what anycast is? how many people are deathly afraid of tcp anycast? ..etc) and we hope it will inspire discussion, if not tinkering.

Speakers
Moderator - Matt Levine, Cache Networks
Panelist - Barrett Lyon, BitGravity, LLC.
Panelist - Todd Underwood, Renesys Corporation
Todd Underwood is in charge of operations, security, and peering for Renesys, a provider of Internet Intelligence services. Before that he was CTO of Oso Grande, a small New Mexico ISP. He has a background in systems engineering and security and networking for clustered supercomputers. Todd has presented work related to Internet routing dynamics and relationships at NANOG and various peering forums (LINX, Switch and Data, NAP of the Americas). Todd received a B.A. in Philosophy from Columbia College, Columbia University, and an M.S. in Computer Science from the University of New Mexico.

Full Abstract

DNSSEC is ready for deployment from a standards and implementations point of view. However, there are very few signed TLD zones and, in particular, the root zone is not signed. In the absence of these, practical use of DNSSEC will not happen widely, unless there is some mechanism to avoid manual maintenance of multiple trust anchors This talk presents DLV, Domain Lookaside Validation, which is just such a mechanism.

Speakers
Joao Damas, Internet Systems Consortium
Joao joined in ISC in January 2003. He is Senior Programme Manager for F-root nameserver project and BIND Forum. Prior to ISC he was CTO at RIPE NCC. Previously, Joao worked at the University of Madrid as the network engineer in charge of all network services for the University and briefly with the Spanish Academic network. Joao is chairman of the routing-wg at RIPE and a member of the ICANN Root Server System Advisory Council. He regularly attends and speaks at RIPE, IETF, APNIC, LACNIC and is on several additional working groups within these organizations. He holds a MSc in Quantum Chemistry from the University in Madrid.